Exchange Token
Method is used to obtain user's permanent access token by exchanging it with the access code received during the user authentication.
Request
https://api.dapi.com/v2/auth/ExchangeTokenRequest Example
{
"appSecret": "00bae841ad979345fca2e2585c000da7eac420504d189cf63315e7a6234d45c68dbd6fff749167292cd1475622805dce7a2b979db3c16e25a2897158ee63845b1043930ff603e19deb1d2d54ad9afc3d52df241d3c4e7286244a2f98a10212e38b2e9f8b0e3a7592702fa4358fb9103b93a26dd6bb92c2be0327ac054f14becc",
"accessCode": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzYWx0IjoiRmlHUUhDM2NwZ01NZmhaejNHMk8zNitHakdBUEs0ZFptSEgwRy9jN1cxWT0iLCJhcHBLZXkiOiI0OTc3OTFjZmQ1MTBmMjI1MDc1Yzk3YWNkYzFkYmY0YTI1ZDczNTgxNGZlMmE3OGQxZjRiMGI4OTcxOGU3ZWQ2IiwidG9rZW5JRCI6IjYxMWM3YWE4LTcwYWYtNGQ3Zi1hODk1LTI4OWU4OTIzOTMxMyIsImlhdCI6MTYxNjQyOTI0MCwiZXhwIjoxNjE2NDI5NTQwfQ.FVo8b-krSDNHjIormm_BZAUxUfr_4ZEAzp_xh9WuR0M",
"connectionID": "2c72a336a7c09fd905f9adf3dc5ff976d58eeb20"
}Body Parameters
| Parameter | Type | Description |
|---|---|---|
| appSecret REQUIRED | String | Private token generated at application creation. |
| accessCode REQUIRED | String | Unique code for a user’s successful login to Connect. Returned in the response of UserLogin. |
| connectionID REQUIRED | String | The connectionID from a user’s successful log in to Connect |
Response
Response Example
{
"success": true,
"accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzYWx0IjoiRmlHUUhDM2NwZ01NZmhaejNHMk8zNitHakdBUEs0ZFptSEgwRy9jN1cxWT0iLCJhcHBLZXkiOiI0OTc3OTFjZmQ1MTBmMjI1MDc1Yzk3YWNkYzFkYmY0YTI1ZDczNTgxNGZlMmE3OGQxZjRiMGI4OTcxOGU3ZWQ2IiwidG9rZW5JRCI6IjYxMWM3YWE4LTcwYWYtNGQ3Zi1hODk1LTI4OWU4OTIzOTMxMyIsImF1dGhvcml6YXRpb25zIjp7ImF1dGhlbnRpY2F0aW9uIjp7ImNyZWF0ZSI6dHJ1ZX0sImlkZW50aXR5Ijp7ImdldCI6ZmFsc2V9LCJhY2NvdW50cyI6eyJnZXQiOmZhbHNlfSwiYmFsYW5jZSI6eyJnZXQiOmZhbHNlfSwidHJhbnNhY3Rpb25zIjp7ImdldCI6ZmFsc2V9LCJiZW5lZmljaWFyaWVzIjp7ImdldCI6ZmFsc2UsImNyZWF0ZSI6ZmFsc2V9LCJ0cmFuc2ZlciI6eyJjcmVhdGUiOmZhbHNlfSwiY2FyZHMiOnsiZ2V0IjpmYWxzZX0sInN0YXRlbWVudHMiOnsiZ2V0IjpmYWxzZX0sInByb2R1Y3RzIjpbImRhdGEiLCJwYXltZW50Il19LCJpYXQiOjE2MTY0MjkzMTZ9.MIicjZXD8ojOqInzKqeyzmfCkQaxl7K6NU7Q5UPt47Y",
"status":"done"
}Response Parameters
| success | Boolean | Returns true if request is successful and false for all else. |
| accessToken | String | A unique permanent token linked to one user. Is only returned if the request was successful |
| status | Enum | Status of the operation done - Operation Completed failed - Operation Failed user_input_required - Pending User Input initialized - Operation In Progress
|
| type | Enum | Type of error encountered Is only returned if the request was not successful |
| msg | String | Detailed description of the error Is only returned if the request was not |
Examples
Successful
{
"appSecret": "00bae841ad979345fca2e2585c000da7eac420504d189cf63315e7a6234d45c68dbd6fff749167292cd1475622805dce7a2b979db3c16e25a2897158ee63845b1043930ff603e19deb1d2d54ad9afc3d52df241d3c4e7286244a2f98a10212e38b2e9f8b0e3a7592702fa4358fb9103b93a26dd6bb92c2be0327ac054f14becc",
"accessCode": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzYWx0IjoiRmlHUUhDM2NwZ01NZmhaejNHMk8zNitHakdBUEs0ZFptSEgwRy9jN1cxWT0iLCJhcHBLZXkiOiI0OTc3OTFjZmQ1MTBmMjI1MDc1Yzk3YWNkYzFkYmY0YTI1ZDczNTgxNGZlMmE3OGQxZjRiMGI4OTcxOGU3ZWQ2IiwidG9rZW5JRCI6IjYxMWM3YWE4LTcwYWYtNGQ3Zi1hODk1LTI4OWU4OTIzOTMxMyIsImlhdCI6MTYxNjQyOTI0MCwiZXhwIjoxNjE2NDI5NTQwfQ.FVo8b-krSDNHjIormm_BZAUxUfr_4ZEAzp_xh9WuR0M",
"connectionID": "2c72a336a7c09fd905f9adf3dc5ff976d58eeb20"
}{
"success": true,
"accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzYWx0IjoiRmlHUUhDM2NwZ01NZmhaejNHMk8zNitHakdBUEs0ZFptSEgwRy9jN1cxWT0iLCJhcHBLZXkiOiI0OTc3OTFjZmQ1MTBmMjI1MDc1Yzk3YWNkYzFkYmY0YTI1ZDczNTgxNGZlMmE3OGQxZjRiMGI4OTcxOGU3ZWQ2IiwidG9rZW5JRCI6IjYxMWM3YWE4LTcwYWYtNGQ3Zi1hODk1LTI4OWU4OTIzOTMxMyIsImF1dGhvcml6YXRpb25zIjp7ImF1dGhlbnRpY2F0aW9uIjp7ImNyZWF0ZSI6dHJ1ZX0sImlkZW50aXR5Ijp7ImdldCI6ZmFsc2V9LCJhY2NvdW50cyI6eyJnZXQiOmZhbHNlfSwiYmFsYW5jZSI6eyJnZXQiOmZhbHNlfSwidHJhbnNhY3Rpb25zIjp7ImdldCI6ZmFsc2V9LCJiZW5lZmljaWFyaWVzIjp7ImdldCI6ZmFsc2UsImNyZWF0ZSI6ZmFsc2V9LCJ0cmFuc2ZlciI6eyJjcmVhdGUiOmZhbHNlfSwiY2FyZHMiOnsiZ2V0IjpmYWxzZX0sInN0YXRlbWVudHMiOnsiZ2V0IjpmYWxzZX0sInByb2R1Y3RzIjpbImRhdGEiLCJwYXltZW50Il19LCJpYXQiOjE2MTY0MjkzMTZ9.MIicjZXD8ojOqInzKqeyzmfCkQaxl7K6NU7Q5UPt47Y",
"status":"done"
}Failed - Missing Mandatory Parameters
{
"appSecret": "00bae841ad979345fca2e2585c000da7eac420504d189cf63315e7a6234d45c68dbd6fff749167292cd1475622805dce7a2b979db3c16e25a2897158ee63845b1043930ff603e19deb1d2d54ad9afc3d52df241d3c4e7286244a2f98a10212e38b2e9f8b0e3a7592702fa4358fb9103b93a26dd6bb92c2be0327ac054f14becc",
"accessCode": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzYWx0IjoiRmlHUUhDM2NwZ01NZmhaejNHMk8zNitHakdBUEs0ZFptSEgwRy9jN1cxWT0iLCJhcHBLZXkiOiI0OTc3OTFjZmQ1MTBmMjI1MDc1Yzk3YWNkYzFkYmY0YTI1ZDczNTgxNGZlMmE3OGQxZjRiMGI4OTcxOGU3ZWQ2IiwidG9rZW5JRCI6IjYxMWM3YWE4LTcwYWYtNGQ3Zi1hODk1LTI4OWU4OTIzOTMxMyIsImlhdCI6MTYxNjQyOTI0MCwiZXhwIjoxNjE2NDI5NTQwfQ.FVo8b-krSDNHjIormm_BZAUxUfr_4ZEAzp_xh9WuR0M"
}{
"success": false,
"status": "failed",
"msg": "Validation error on field 'connectionID'. Error: value must not be an empty string",
"type": "INVALID_ARGS"
}Failed - Invalid AccessCode
{
"appSecret": "00bae841ad979345fca2e2585c000da7eac420504d189cf63315e7a6234d45c68dbd6fff749167292cd1475622805dce7a2b979db3c16e25a2897158ee63845b1043930ff603e19deb1d2d54ad9afc3d52df241d3c4e7286244a2f98a10212e38b2e9f8b0e3a7592702fa4358fb9103b93a26dd6bb92c2be0327ac054f14becc",
"accessCode": "Invalid_access_code",
"connectionID": "2c72a336a7c09fd905f9adf3dc5ff976d58eeb20"
}{
"msg": "Invalid token",
"type": "INVALID_TOKEN",
"success": false,
"status": "failed"
}FAQ
What is the difference betweenaccessCode and accessToken?
accessCodeis a temporary token generated upon successful authentication via the Connect Layer.
accessTokenis a permanent token that is generated upon sending theaccessCodealong other secrets to Dapi using theexchangeTokenrequest.
How permanent is theaccessToken?
One
accessTokencorresponds to one pair of login credentials into one bank account. The only way theaccessTokenloses its validity is if the user changes their login credentials or if the De-Link User API is called.
Why do I need anaccessToken?
accessTokenis required to make any following API calls to Dapi to retrieve data or initiate payments.